OPNsense and Xbox Live

May 4, 2020

This post is mainly documentation for myself on how to set up OPNsense to achieve Xbox Live Open NAT. There are two things that I wanted. First, I wanted to achieve Open NAT without turning on UPnP. Second, I needed this to all work for both the Xbox Ones in the house.

The official docs have a list of TCP and UDP ports that Xbox Live needs to work. But in reality, there is only one port that needs to be port forwarded. If you only have one Xbox One, that port is 3074 on both TCP and UDP. If you have multiple Xbox Ones, then on the Xbox One go into Settings -> General -> Networking settings -> Advanced settings -> Alternate port selection. From there, you can pick an alternative port to use for Xbox Live. After selecting the port, make a note of it.

The Xbox One will need a static IP address. That can be done via DHCP, which is straightforward to set up and I won't cover that here. Or a static IP can be set up directly on the Xbox One.

Here is how I set up port forwarding in OPNsense for Xbox Live Open NAT.

Setup Aliases

Create Alias for Xbox Port for both TCP/UDP:

Firewall -> Aliases

Click + at the bottom right

Name: Xbox Live Port

Type: Port(s)

Content: 3074 (or the alternative port if on second Xbox One)

Description: Whatever you like

Create Alias for Xbox IP addresses

Firewall -> Aliases

Click + at the bottom right

Name: Xbox One Host

Type: Host(s)

Content: IP address of Xbox One

Description: Whatever you like

Setup Port Forwarding Rules

Firewall -> NAT -> Port Forward

Click +Add at the top right

Interface: WAN

TCP/IP Version: IPv4

Protocol: TCP/UDP

Destination: WAN Address

Destination port range: Xbox Live Port Alias

Redirect Target IP: Xbox One Host Alias

Redirect target port: Xbox Live Port Alias

Description: Be creative

NAT Reflection: Enable (Super Important!)

Setup Firewall Rules

These should be auto-created when port forwarding rules were created. This was the easy part.

Setup Outbound NAT Rule

Firewall -> NAT -> Outbound

Switch the Mode at the top from Automatic to Hybrid

Click Save

Click +Add

Interface: WAN

TCP/IP Version: IPv4

Protocol: TCP/UDP

Source address: Xbox One Host Alias

Source port: Xbox Live Port Alias

Destination address: any

Destination port: any

Static Port: Checked (Super Important!)

Description: A one line poem

Rinse and repeat for each Xbox One with their alternate Xbox Live port. The process is pretty simple to do; it took a little to figure out how to make it work. Hope this is helpful for someone else other than me.
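
As an added example (not from the original post), this Python sketch checks a multi-console plan before the rules are entered: each console needs its own static IP and its own Xbox Live port, and the output rows mirror the Port Forward and Outbound NAT fields above. The console names, LAN addresses and the alternate port 55000 are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Console:
    name: str  # hypothetical label for the console
    ip: str    # static LAN address (Xbox One Host alias)
    port: int  # 3074 or the alternate port (Xbox Live Port alias)

# Constructed sample plan for a two-console house.
SAMPLE = [Console("xbox-a", "192.168.1.50", 3074),
          Console("xbox-b", "192.168.1.51", 55000)]

def validate(consoles):
    """Return the problems that would break the per-console rules."""
    problems, ports, ips = [], {}, {}
    for c in consoles:
        try:
            addr = ipaddress.ip_address(c.ip)
            if addr.version != 4 or not addr.is_private:
                problems.append(f"{c.name}: {c.ip} is not a private IPv4 address")
        except ValueError:
            problems.append(f"{c.name}: {c.ip} is not an IP address")
        if not 1 <= c.port <= 65535:
            problems.append(f"{c.name}: port {c.port} is out of range")
        # One WAN port can only be redirected to one host.
        if c.port in ports:
            problems.append(f"{c.name}: port {c.port} already forwarded to {ports[c.port]}")
        if c.ip in ips:
            problems.append(f"{c.name}: address {c.ip} already used by {ips[c.ip]}")
        ports.setdefault(c.port, c.name)
        ips.setdefault(c.ip, c.name)
    return problems

def plan(consoles):
    """Build rows mirroring the Port Forward and Outbound NAT fields."""
    problems = validate(consoles)
    if problems:
        raise ValueError("; ".join(problems))
    rows = []
    for c in consoles:
        rows.append({"rule": "port-forward", "interface": "WAN", "proto": "TCP/UDP",
                     "dest_port": c.port, "redirect_ip": c.ip,
                     "redirect_port": c.port, "nat_reflection": True})
        rows.append({"rule": "outbound-nat", "interface": "WAN", "proto": "TCP/UDP",
                     "source": c.ip, "source_port": c.port, "static_port": True})
    return rows

def exposed_ports(rows):
    """WAN ports the plan opens; the rules above forward nothing else."""
    return sorted(r["dest_port"] for r in rows if r["rule"] == "port-forward")

if __name__ == "__main__":
    for row in plan(SAMPLE):
        print(row)
```

Comparing `exposed_ports()` against the Port Forward list in the GUI is a quick way to confirm that only one port per console is open on the WAN side.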